Vulnerability Note VU#377804

Multiple Open Software Foundation Distributed Computing Environment (DCE) implementations vulnerable to DoS

Original Release date: 08 Aug 2003 | Last revised: 18 Aug 2003

Overview

A denial-of-service vulnerability exists in multiple vendor implementations of the Distributed Computing Environment. This vulnerability may allow a remote attacker to cause the service to fail. Note that this vulnerability may be triggered by attackers attempting to exploit VU#568148 and VU#326746.

Description

The Open Group describes the Distributed Computing Environment (DCE) as an "industry-standard, vendor-neutral set of distributed computing technologies." They go on to describe DCE as follows:

    DCE provides a complete Distributed Computing Environment infrastructure. It provides security services to protect and control access to data, name services that make it easy to find distributed resources, and a highly scalable model for organizing widely scattered users, services, and data. DCE runs on all major computing platforms and is designed to support distributed applications in heterogeneous hardware and software environments.

A vulnerability has been discovered in DCE which may allow a remote attacker to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.

Impact

A remote attacker may be able to cause the DCE service to either hang or terminate, which will effectively make it impossible for DCE clients to communicate with the DCE server.

Solution

Apply a patch.

Systems Affected

Vendor                    Status        Date Notified  Date Updated
Cray Inc.                 Affected      05 Aug 2003    06 Aug 2003
Entegrity Solutions Corp  Affected      -              07 Aug 2003
Hewlett-Packard Company   Affected      05 Aug 2003    18 Aug 2003
IBM                       Affected      05 Aug 2003    08 Aug 2003
Apple Computer Inc.       Not Affected  05 Aug 2003    07 Aug 2003
F5 Networks               Not Affected  05 Aug 2003    08 Aug 2003
Foundry Networks Inc.     Not Affected  -              06 Aug 2003
Ingrian Networks          Not Affected  05 Aug 2003    08 Aug 2003
Juniper Networks          Not Affected  05 Aug 2003    08 Aug 2003
Lotus Software            Not Affected  05 Aug 2003    11 Aug 2003
Microsoft Corporation     Not Affected  05 Aug 2003    07 Aug 2003
NetBSD                    Not Affected  05 Aug 2003    08 Aug 2003
Openwall GNU/*/Linux      Not Affected  05 Aug 2003    13 Aug 2003
Sun Microsystems Inc.     Not Affected  05 Aug 2003    14 Aug 2003
3Com                      Unknown       05 Aug 2003    06 Aug 2003

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 07 Aug 2003
  • Date First Published: 08 Aug 2003
  • Date Last Updated: 18 Aug 2003
  • Severity Metric: 22.78
  • Document Revision: 17
